Norton has found Infostealer with the0040.dll

Subject Virus and file have been found by Norton AV. I think this is a relatively new version of infostealer based on search results. I think I've had it for a few weeks, but I think this week's update to Norton finally discovered it. HELP!!!

Disable any script blocker if your Anti-Virus/Anti-Malware has it. Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed. Then double click dds.scr to run the tool. When done, the DDS.txt will open. Click Yes at the next prompt for Optional Scan.

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename mbam-setup.exe to tool.exe > click save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & Paste the entire report in your next reply.

Please download Combofix with Internet Explorer instead of any other browser if possible.

Remember: your Norton antivirus and any real-time antispyware programs that you may have must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix > click save.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

If you are using Firefox, make sure that your download settings are as follows: Tools -> Options -> Main tab, set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you. Please post the "C:\Combo-Fix.txt".

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

Wow, that's a lot of instructions. First of all, thank you very much for your time on this. Ok, here are the 2 logs. I believe I understood I was supposed to cut and paste the first one and attach the 2nd as a .zip file. So here goes:

3/27/2010 5:19:20 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
3/27/2010 5:19:20 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\MFC80.DLL. Reference error message: The operation completed successfully. .
3/27/2010 5:19:19 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
3/22/2010 5:42:59 PM, error: Print [6161] - The document Test Page owned by B J Sheridan failed to print on printer Lexmark 6500 Series. Data type: LEMF. Size of the spool file in bytes: 1048080. Number of bytes printed: 1048080. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\BERNICE. Win32 error code returned by the print processor: 0 (0x0).
3/20/2010 2:40:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdfCATSCustConnectService service to connect.
3/20/2010 2:40:08 PM, error: Service Control Manager [7000] - The Norton AntiVirus Auto-Protect Service service failed to start due to the following error: The system cannot find the path specified.
3/20/2010 2:40:08 PM, error: Service Control Manager [7000] - The lxdfCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

Also, I ran the malware program and that went well. After restart there aren't any more Norton pop-ups for the infostealer.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
Folder::
c:\documents and settings\B J Sheridan\Local Settings\Application Data\sqjlsb

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If combofix does not auto start, click "run".

Well, I ran Combo Fix by dropping the text file onto it per previous instructions, but when I was logging onto this page, I got the blue screen of death. I think it said something about a paged error in a non-paged area. But restart went well. Here is the log from combo-fix:

This problem occurs because the run-time libraries are not installed on the Microsoft Dynamics CRM server. The applications that use side-by-side libraries cannot run without the run-time libraries.

And can be resolved as follows:

To resolve this problem, use the Microsoft Visual C++ 2005 Redistributable Package to install the runtime libraries. For more information about the Microsoft Visual C++ 2005 Redistributable Package, visit the following Microsoft Web site:

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.

Next create a new restore point. Go to start > run > type in msconfig > ok > click launch system restore > check the circle beside "create a restore point" > next > name it today's date > create > click home > exit the system configuration utility > restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools, you can download it from this link Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.
